nanocore | 5ab642cc797d8ad4df98b94cd6345a7a6398b11759c5dc10471fcacaa4d97469 | Triage

Sharing

General

Target

5ab642cc797d8ad4df98b94cd6345a7a6398b11759c5dc10471fcacaa4d97469.exe
Size

336KB
Sample

241211-vq7kyasjav
MD5

8580b4b852ac18927a687380054dd3d0
SHA1

51360ec7b34ddd71922867945df8995075d71760
SHA256

5ab642cc797d8ad4df98b94cd6345a7a6398b11759c5dc10471fcacaa4d97469
SHA512

75eaa9d6d510698ef9eec7e4108168185a96d9a276db0a7cf0c932843370f3141ac10cba4c6d9295ed8b13a3f3793847165db9ab29711491fd7d3372445cf572
SSDEEP

6144:6geDH2XOIDQg+3XjfgBqhiHAyQKWat7Y0kxBn8yVmEAmg+D:6HH2X9D2TI3Hp3WaNYDxBn8yMEAmDD

Score

10^/10

nanocore discovery evasion keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  5ab642cc797d8ad4df98b94cd6345a7a6398b11759c5dc10471fcacaa4d97469.exe
- Size
  
  336KB
- MD5
  
  8580b4b852ac18927a687380054dd3d0
- SHA1
  
  51360ec7b34ddd71922867945df8995075d71760
- SHA256
  
  5ab642cc797d8ad4df98b94cd6345a7a6398b11759c5dc10471fcacaa4d97469
- SHA512
  
  75eaa9d6d510698ef9eec7e4108168185a96d9a276db0a7cf0c932843370f3141ac10cba4c6d9295ed8b13a3f3793847165db9ab29711491fd7d3372445cf572
- SSDEEP
  
  6144:6geDH2XOIDQg+3XjfgBqhiHAyQKWat7Y0kxBn8yVmEAmg+D:6HH2X9D2TI3Hp3WaNYDxBn8yMEAmDD
Score

10^/10

nanocore discovery evasion keylogger persistence spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Nanocore family
  nanocore
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

nanocorediscoveryevasionkeyloggerpersistencespywarestealertrojan

behavioral2

nanocorediscoveryevasionkeyloggerpersistencespywarestealertrojan